Practice Free 5V0-93.22 Exam Online Questions
An administrator wants to prevent a spreadsheet from being misused to run malicious code, while minimizing the risk of breaking normal operations of a spreadsheet.
Which rule should be used?
- A . **Microsoft Office** [Runs external code] [Terminate process]
- B . **excel.exe [Invokes a command interpreter] [Deny operation]
- C . **/Microsoft Excel.app/** [Communicates over the network] [Terminate process]
- D . **excel.exe [Runs malware] [Deny operation]
An organization has the following requirements for allowing application.exe:
– Must not work for any user’s D: drive
– Must allow running only from inside of the user’s TempAllowed directory
– Must not allow running from anywhere outside of TempAllowed
For example, on one user’s machine, the path is C:UsersLorieTempAllowedapplication.exe.
Which path meets this criteria using wildcards?
- A . C:Users?TempAllowedapplication.exe
- B . C:Users*TempAllowedapplication.exe
- C . *:Users**TempAllowedapplication.exe
- D . *:Users*TempAllowedapplication.exe
Which scenario would qualify for the "Local White" Reputation?
- A . The file was added as an IT took
- B . The file was signed using a trusted certificate.
- C . The hash was not on any known good or known bad lists, AND the file is signed.
- D . The hash was previously analyzed, AND it is not on any known good or bad lists.
An administrator has dismissed a group of alerts and ticked the box for "Dismiss future instances of
this alert on all devices in all policies". There is also a Notification configured to email the
administrator whenever an alert of the same Severity occurs. The following day, a new alert is added
to the same group of alerts.
How will this alert be handled?
- A . The alert will show when the Dismissed filter is selected on the Alerts page, and a Notification email will be sent.
- B . The alert will show when the Dismissed filter is selected on Alerts page, but a Notification email will not be sent.
- C . The alert will show when the Not Dismissed filter is selected on Alerts page, and a Notification email will be sent.
- D . The alert will show when Not Dismissed filter is selected on Alerts page, but a Notification email will not be sent.
An administrator is tasked to create a reputation override for a company-critical application based on the highest available priority in the reputation list. The company-critical application is already known by VMware Carbon Black.
Which method of reputation override must the administrator use?
- A . Signing Certificate
- B . Hash
- C . Local Approved
- D . IT Tool
Which VMware Carbon Black Cloud integration is supported for SIEM?
- A . SolarWinds
- B . LogRhythm
- C . Splunk App
- D . Datadog
An administrator notices that a sensor’s local AV signatures are out-of-date.
What effect does this have on newly discovered files?
- A . The reputation is determined by cloud reputation.
- B . The sensor prompts the end user to allow or deny the file.
- C . The sensor automatically blocks the new file.
- D . The sensor is unable to block a malicious file.
An administrator wants to prevent ransomware that has not been seen before, without blocking other processes.
Which rule should be used?
- A . [Adware or PUP] [Scrapes memory of another process] [Deny operation]
- B . [Not listed application] [Performs ransomware-like behavior] [Terminate process
- C . [Unknown malware] [Runs or is running] [Terminate process]
- D . [Not listed application] [Runs or is running] [Terminate process]
Which VMware Carbon Black Cloud process is responsible for uploading event reporting to VMware Carbon Black Cloud?
- A . Sensor Service (RepUx
- B . Scanner Service (scanhost)
- C . Scanner Service (Re
- D . Sensor Service (RepMqr
Where can a user identify whether a sensor’s signature pack is out-of-date in VMware Carbon Black Cloud?
- A . Enforce > Investigate > Sensors > Details
- B . Enforce > Inventory > Endpoints > Policy
- C . Inventory > Endpoints > Sensor Update Status
- D . Inventory > Endpoints > Device Name